---
layout: docs
page_title: Token - Auth Methods
description: The token store auth method is used to authenticate using tokens.
---

# Token auth method

~> **NOTE:** The Token auth method cannot be configured with Vault's built-in [Login MFA](/vault/docs/auth/login-mfa) feature.

The `token` auth method is built-in and automatically available at `/auth/token`. It
allows users to authenticate using a token, as well to create new tokens, revoke
secrets by token, and more.

When any other auth method returns an identity, Vault core invokes the
token method to create a new unique token for that identity.

The token store can also be used to bypass any other auth method:
you can create tokens directly, as well as perform a variety of other
operations on tokens such as renewal and revocation.

Please see the [token concepts](/vault/docs/concepts/tokens) page dedicated
to tokens.

## Authentication

### Via the CLI

```shell-session
$ vault login token=<token>
```

### Via the API

The token is set directly as a header for the HTTP API. The header should be
either `X-Vault-Token: <token>` or `Authorization: Bearer <token>`.

## API

The Token auth method has a full HTTP API. Please see the
[Token auth method API](/vault/api-docs/auth/token) for more
details.
